pegasus | cdc4645f8705dd614528ac63a6cecce5b35dc931ce15d6c5421c91b47cb860e6

Analysis

max time kernel
176s
max time network
542s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
22/03/2025, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery stealer trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
stealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
PID:4784

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
ee9c114b64dc0b14d0e407adfc93ccfe

SHA1
333b979025ab32341c3850e2546fe4b0f020e33b

SHA256
fb788c8a1eaba4da23b9397a7184336739f66f70ced2189c61e3a07ee9985433

SHA512
3fc15753e144895c565168b1cc5f4d4fec986ae1bb88ec5be9cd9a8ff1bdc23fcbb926fcd7ca173e9455290b432def94676f8d7379bd672892d9b4207b1fd258

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
515a2860302c725f098b272db4ca9e32

SHA1
967547984f6fab8e8589764542e6cf266f73d0a6

SHA256
147ad7248f6748260f68d8b66a50f53b29e394474cc8b32164e779e640ebd15f

SHA512
0704fac10e0cd43f301550483ac8a9b0e70640f1f7bec0c0d462aaad16a5da45a37a4298d3853a75ad6c386ec2f5bef37f59d5d7107d4b4ace3400d7b5f4eeb2

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
7186ca6ef8a747018adc94f79ae8f973

SHA1
9b222cd2b0976e871f252cf58668aa169c8ad88c

SHA256
0d75350d24188e050c664fb64aac7bc5da1e0b433c02a31505aa67eefd2595e1

SHA512
3a6071bb0c3e7fec42caf699c50ea4a70b3fd55c8cdb5c990194d5931715d32d864debcd3e5f7871b55e874465407fef644518c2e477ac045de953c6c3dd5963

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
8e8c76dc6391d96b22c4132735202aa6

SHA1
aa1a3853fc5c3684064edb9341c271dd167dd34c

SHA256
4bf9d656be8d2de5820e57e00b252c8b4d651458bd139571706545b1395e7811

SHA512
d4e5e50909e2c278d4b903cfb022ebf09f21f1921110f1dca61e09fa3d9ea39a1260059e6c8766807b61c0f3e27d177d6711e4f67ae40e685a6868a97f7d7903

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
f64a816e653835b07054fb6ff9c91524

SHA1
8a78b568a09bfa940d8d4c1d889c92dd962047ac

SHA256
f942e329bb4d8e844e2ee2cee3fa71212fbf26c1016a5dec8eaf529716d0479a

SHA512
32195c3faf677215d7e9a9c1809585c93b981edea59c111d41110df1a10913edce7b11d2ca12c83b01cc0fd57ce4667ad9f101fbff4273de4a020919e718dd10

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
4c95b43f551d6ff58184c2eeb1e64623

SHA1
2e3a7404e845802ab78d75b781f6fdcd333f46fc

SHA256
49ea9df16b41edf04e64352c736e4d54cc274b7a3d63b58b9f8cc598c7a7ceed

SHA512
26b007fda35fc3e6d7fb3764f79c0bc79938cfaab61f1e5459d5300c04e50facabdc2108f43e5d67e48849dd4064fc60d0356b3a8ceb8d534522352fe4f7242d

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
da52b48e49e4ccf6c3686770f065b3dc

SHA1
cfdf6aae34c95a130f3f9234851c0ea5a1b942a1

SHA256
c4927ee3af66b543453e008a2d9df2ce0eb21c23425f271cf9d9dc89bea1bf05

SHA512
c8e2814e3143167cb8e1027e7aae34e9b721f0631a2ed700a7269ee7147c064693ef16d77f0b2fe313af0df7bf621265319cb5f3f54c876c4cd2b63298d2f9a6

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
46da62246b92905007d06844f7cf2d86

SHA1
239e51ab1ff8f8f0233b71a71cffad3b2b39cb88

SHA256
968d1952b3ad602fad455029f73bec7031d0e7e9c13ab67cc83f66fa8462a1fb

SHA512
11b4ef259ef27fe77a40d7643308855fcc986496632a6c9e451d8bb625406f099e471c108bb91dbed5a548be4314ef24bc1884e88c599eb47ba3641bcc6e8b8e

Download Submit
/data/user/0/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/user/0/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads